'Locky' ransomware scam hits tens of thousands of Australian computers

Cyber criminals are scraping personal information from thousands of Australians' social media profiles and using it to trap victims with ransomware — a type of malware that freezes computer files and demands money to unlock them.

Hackers are using Australia Post and personal information gleaned from social media to scam victims. Credit: Jessica Shapiro

What makes the scam so dangerous is that it addresses the recipient with personal information such as their full name, location, workplace and job description — all gleaned from their social media profile and designed to dupe them into thinking the email is legitimate.

MailGuard, the anti-virus and security company which discovered the scam, said hackers were using "highly advanced" scraping software to scan social media profiles and automatically deliver the malicious email to tens of thousands of victims.


The AusPost parcel scam containing Locky. Credit: MailGuard

The email, which looks like it's from Australia Post, tells the recipient to print an attached "shipment confirmation" and bring it into an AusPost store, along with ID, to collect a parcel. Once the victim downloads and opens the attachment, it runs a small JavaScript file that locks their computer files and demands a ransom fee in bitcoins worth hundreds of dollars.

Linus Information Security Solutions director Mike Thompson said there was "no doubt" a scam's effectiveness was linked to the level of trust it could establish with a victim.

"I have asked people if they would open an email and attachment if it appeared to come from a trusted source and it contained references to personal information that is often publicly displayed on social media, such as a local sports club, alumni etc," Mr Thompson said.

"The response has typically been yes."

After Locky activates, it displays this message as the victim's desktop background. Credit: McAfee Labs

Mr Thompson said users should keep such personal information off social media platforms, or "develop a very good malware radar".

Sophisticated malware protection software was not enough to stop all attacks, he said, and people needed to be aware of social engineering techniques which were designed to establish trust.

Locky is more sinister than some other types of malware because, according to IT security company McAfee Labs, the JavaScript file it arrives in is small and appears benign to many anti-malware security programs.

Locky has also snuck onto computers via Microsoft Word documents.

"We've seen many cases of ransomware before, but this new 'Locky' attack is a brand new version, with the ability to bypass many traditional security solutions that don't provide adequate protection," said MailGuard chief executive Craig McDonald.

Security researchers discovered the ransomware only weeks ago, and it has quickly spread to attack millions of victims across the globe.

In one devastating case, it disabled a US hospital's IT systems, forcing staff to rely on pen and paper for days and costing the organisation a ransom worth $US17,000 ($22,772) to decrypt the files.

The Australian Competition and Consumer Commission has been warning the public about Australia Post parcel scams for years.

Last year it estimated Australians had lost more than $80,000 to email parcel scams.

The watchdog advises Australians to delete any emails claiming to be from Australia Post about an "undeliverable package" and to call the company directly to double check if they are unsure.

It also advises people to regularly back up their computer files and not to click on links or download files in unexpected emails — especially executable (.exe) files or zip files. The AusPost Locky scam has a zip (compressed) file attached.

ACCC's five tips for protecting yourself against an AusPost scam

Australia Post will put a notice in your letter box if a package was undeliverable. Delete any email claiming to be from Australia Post about an undelivered package.

Do not click on links or download files in emails you receive out of the blue — especially if they are executable (.exe) files or zip files. These files are likely to contain malware.

If you are suspicious about a 'missed' parcel delivery, call the company directly to verify that the correspondence is genuine. Independently source the contact details through an internet search or phone book — do not rely on numbers provided.

Buy yourself (or your business) a stand-alone hard drive. These have become relatively inexpensive and can save you a lot if your computer is infected by malware or ransomware.

Regularly back up your computer's data on a separate hard drive. If your computer is infected by malware or ransomware you can restore the factory settings and easily re-install all of your software and data.
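The article describes the lure as a zip attachment whose member is a JavaScript file, and the ACCC tips warn against .exe and zip attachments in unexpected mail. The following added example (not code from the article, MailGuard or the ACCC) shows the check a mail gateway or helpdesk script can apply to such an attachment: it opens the zip in memory and blocks it when any member's final extension is a script or executable, so a decoy name like "shipment confirmation.pdf.js" is still caught. The sample zip is constructed inline with an inert placeholder body; the extension list is an assumption chosen for illustration.

```python
import io
import os
import zipfile

# Extensions the gateway treats as code. Locky's AusPost lure shipped a JavaScript
# file inside a zip; the .exe/.zip advice in the ACCC tips covers the same ground.
CODE_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
                   ".exe", ".scr", ".cmd", ".bat", ".ps1"}

def risky_members(zip_bytes: bytes) -> list[str]:
    """Names of archive members whose *last* extension marks them as code.
    Only the final extension counts, so a decoy name such as
    'shipment confirmation.pdf.js' is reported as JavaScript, not as a PDF."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for name in archive.namelist():
            if os.path.splitext(name)[1].lower() in CODE_EXTENSIONS:
                flagged.append(name)
    return flagged

def classify_attachment(filename: str, data: bytes) -> tuple[str, list[str]]:
    """Return ('block', reasons) or ('allow', []) for one e-mail attachment."""
    ext = os.path.splitext(filename)[1].lower()
    if ext in CODE_EXTENSIONS:
        return "block", [f"attachment itself is code ({ext})"]
    if ext == ".zip":
        try:
            flagged = risky_members(data)
        except zipfile.BadZipFile:
            return "block", ["attachment claims to be a zip but is not a valid archive"]
        if flagged:
            return "block", [f"zip contains code: {name}" for name in flagged]
    return "allow", []

def build_sample_zip(members: dict[str, bytes]) -> bytes:
    """Constructed test data: build an in-memory zip from {name: contents}."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, contents in members.items():
            archive.writestr(name, contents)
    return buffer.getvalue()

if __name__ == "__main__":
    # Constructed sample modelled on the lure: a zip whose only member is a
    # JavaScript file with a document-looking name. The script body is inert.
    lure = build_sample_zip({"shipment confirmation.pdf.js": b"// inert placeholder"})
    print(classify_attachment("AusPost_shipment_confirmation.zip", lure))
    benign = build_sample_zip({"invoice.pdf": b"%PDF-1.4 placeholder"})
    print(classify_attachment("invoice.zip", benign))
```

Blocking on the archive's contents rather than on the outer ".zip" name avoids both the false negative (code hidden in a zip) and the false positive (a zip of genuine documents) that a filename-only rule produces.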